An indictment has been unsealed on Tuesday charging Liberty Reserve, a company that operated one of the world’s most widely used digital currency services, and seven of its principals and employees with money laundering and operating an unlicensed money transmitting business.

Liberty Reserve is alleged to have had more than one million users worldwide, including more than 200,000 users in the U.S, who conducted approximately 55 million transactions – virtually all of which were illegal – and laundered more than $6 billion in suspected proceeds of crimes including credit card fraud, identity theft, investment fraud, computer hacking, child pornography, and narcotics trafficking.

Five defendants were arrested on May 24, 2013, including Arthur Budovsky, the principal founder of Liberty Reserve, who was arrested in Spain; Vladimir Kats, the co-founder of Liberty Reserve, who was arrested in Brooklyn, New York; Azzeddine El Amine, a manager of Liberty Reserve’s financial accounts, who was arrested in Spain; and Mark Marmilev and Maxim Chukharev, who helped design and maintain Liberty Reserve’s technological infrastructure, who were arrested in Brooklyn, New York, and Costa Rica, respectively. Two other defendants, Ahmed Yassine Abdelghani (“Yassine”) and Allan Esteban Hidalgo Jimenez (“Hidalgo”), are at large in Costa Rica.

According to the allegations in the Indictment, the Civil Forfeiture Complaint, and other documents filed in Manhattan federal court:

Liberty Reserve was incorporated in Costa Rica in 2006 and operated the digital currency commonly referred to as “LR.” While the company billed itself as the Internet’s “largest payment processor and money transfer system,” serving “millions” of people around the world, including the U.S., at no time did the company register with the U.S. Department of the Treasury as a money transmitting business, as required by law.

The defendants created, structured, and operated Liberty Reserve as a criminal bank-payment processor designed to help users conduct illegal transactions anonymously and launder the proceeds of their crimes. It emerged as one of the principal money transfer agents used by cyber criminals around the world to distribute, store, and launder the proceeds of their illegal activity.

The company grew into a financial hub of the cybercrime world, facilitating a broad range of online criminal activity, including credit card fraud, identity theft, investment fraud, computer hacking, child pornography, and narcotics trafficking. Liberty Reserve was used extensively for illegal purposes, functioning as the bank of choice for the criminal underworld because it provided an infrastructure that enabled cyber criminals around the world to conduct anonymous and untraceable financial transactions.

The defendants also protected the criminal infrastructure of Liberty Reserve by, among other things, lying to anti-money laundering authorities in Costa Rica and pretending to shut down Liberty Reserve after learning the company was being investigated by U.S. law enforcement. They then continued operating the business through a set of shell companies, and moved tens of millions of dollars through shell company accounts maintained in Cyprus, Russia, China, Hong Kong, Morocco, Spain, Australia, and elsewhere.

In order to use LR currency, a user first had to open an account through the Liberty Reserve website and provide basic identifying information. Unlike traditional banks or legitimate online processors, Liberty Reserve did not require users to validate their identities. Users routinely established accounts under false names, including such blatantly criminal names as “Russia Hackers” and “Hacker Account.” As part of the investigation, a law enforcement agent opened and executed transactions through an undercover account at Liberty Reserve in the name of “Joe Bogus” and the address “123 Fake Main Street” in “Completely Made Up City, New York.”

Once an account was established, the user could conduct transactions with other Liberty Reserve users. In these transactions, the user could receive transfers of LR from other users’ accounts, and transfer LR from his or her own account to other users, including any “merchants” that accepted LR as payment. Liberty Reserve charged a one-percent fee up to a maximum of $2.99, every time a user transferred LR to another user through the Liberty Reserve system. For an additional “privacy fee” of 75 cents per transaction, a user could hide his or her own Liberty Reserve account number when transferring funds, effectively making the transfer completely untraceable, even within Liberty Reserve’s already opaque system.

To add an additional layer of anonymity, Liberty Reserve did not permit users to fund their accounts by transferring money to the company directly through a credit card transfer or other means. Users also could not withdraw funds from their accounts directly. Instead, Liberty Reserve users were required to make any deposits or withdrawals through the use of third-party “exchangers,” which enabled the company to avoid collecting any information about its users through banking transactions or other activity that would leave a centralized financial paper trail. BUDOVSKY, KATS, and EL AMINE owned and operated certain Liberty Reserve exchanger services.

The Liberty Reserve website recommended a number of “pre-approved” exchangers, which tended to be unlicensed money transmitting businesses operating in countries without significant governmental money laundering oversight or regulation, such as in Malaysia, Russia, Nigeria, and Vietnam. The exchangers charged transaction fees for their services that were much higher than the fees charged by mainstream banks or payment processors for comparable money transfers.

In addition to being used to process payments for illegal goods and services online, Liberty Reserve was also used by cyber criminals to launder criminal proceeds and transfer funds among criminal associates. For example, Liberty Reserve was used by credit-card theft and computer-hacking rings operating in countries around the world, including Vietnam, Nigeria, Hong Kong, China, and the U.S., to distribute proceeds of these conspiracies among the members involved.

The seven defendants are each charged with one count of conspiracy to commit money laundering, which carries a maximum term of 20 years in prison, one count of conspiracy to operate an unlicensed money transmitting business, which carries a maximum term of five years in prison, and operation of an unlicensed money transmitting business, which carries a maximum term of five years in prison.

In addition to the criminal charges brought in the Indictment, five domain names were seized, namely, the domain name of Liberty Reserve and the domain names of four exchanger websites that were controlled by one or more of the defendants; 45 bank accounts were restrained or seized; and a civil action was filed against 35 exchanger websites seeking the forfeiture of the exchangers’ domain names because the websites were used to facilitate the Liberty Reserve money laundering conspiracy and constitute property involved in money laundering.

The four exchangers whose domain names were seized, as well as the 35 exchangers whose domain names are the subjects of the civil forfeiture action, were all exchangers that transacted business with Liberty Reserve and were listed on Liberty Reserve’s website as “pre-approved exchangers.” The investigation and takedown involved law enforcement action in 17 countries, including Costa Rica, the Netherlands, Spain, Morocco, Sweden, Switzerland, Cyprus, Australia, China, Norway, Latvia, Luxembourg, the United Kingdom, Russia, Canada, and the U.S.

Spotlight

Microsoft Edge, the new browser in Windows 10, represents a significant increase in the security over Internet Explorer. However, there are also new potential threat vectors that aren’t present in older versions.

35 percent of employees would sell information on company patents, financial records and customer credit card details if the price was right. This illustrates the growing importance for organizations to deploy data loss prevention strategies.

Sun Tzu's writings have been studied throughout the ages by professional militaries and can used to not only answer the question of whether or not we are in a cyberwar, but how one can fight a cyber-battle.

Infosec consultant Paul Moore came up with a working solution to thwart a type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM.